Clarify CSR formats supported by Azure Key Vault#137
Conversation
Updated the supported formats for merging CSR in Azure Key Vault documentation to include both PKCS#8 and PKCS#7 formats.
|
Learn Build status updates of commit 74b258f: ✅ Validation status: passed
For more details, please refer to the build report. |
|
#sign-off |
|
Invalid command: '#sign-off'. Only the assigned author of one or more file in this PR can sign off. @msmbaldwin |
|
Can you review the proposed changes? IMPORTANT: When the changes are ready for publication, adding a #label:"aq-pr-triaged" |
There was a problem hiding this comment.
Pull request overview
This PR updates Azure Key Vault certificate documentation to clarify which CSR merge inputs are supported, refining guidance in the certificate scenarios article for users working with externally issued certificates.
Changes:
- Replaced the old merge-CSR note with explicit guidance for PKCS#8 and PKCS#7 inputs.
- Added PKCS#7 preparation steps for PEM- and DER-encoded inputs.
- Added a failure-condition note for unsupported merge input formatting.
| When merging a certificate signing request (CSR), Azure Key Vault accepts input in either PKCS#8 or PKCS#7 format. | ||
|
|
||
| - *PKCS#8:* You can provide a PKCS#8-encoded certificate directly with the following headers: | ||
|
|
||
| -----BEGIN CERTIFICATE----- | ||
|
|
||
| -----END CERTIFICATE----- |
| If your PKCS#7 file is in binary (DER) format, you must first convert it to Base64 encoding (for example, by using [certutil -encode](/windows-server/administration/windows-commands/certutil#-encode)). After encoding, remove any header and footer lines that may have been added, and submit only the Base64 content. | ||
|
|
||
| Providing the data in any other format, or including headers and footers, will result in a failed merge operation. |
|
This pull request has been inactive for at least 14 days. If you are finished with your changes, don't forget to sign off. See the contributor guide for instructions. |
|
@FabianGonzalez-MS : Thanks for your contribution! The author(s) and reviewer(s) have been notified to review your proposed change. |
msmbaldwin
left a comment
There was a problem hiding this comment.
Thanks — the technical guidance on PKCS#8 / PKCS#7 / PEM / DER is accurate. A few markdown and style fixes:
-
Bold instead of italic —
*PKCS#8:*and*PKCS#7 (certificate chain):*should be**PKCS#8:**and**PKCS#7 (certificate chain):**for lead-in terms. -
Bullet nesting — the "If your PKCS#7 file is in PEM format..." and "If your PKCS#7 file is in binary (DER) format..." sentences need to be indented under the
- **PKCS#7 (certificate chain):**bullet (4-space indent with a blank line before each), otherwise they render as separate paragraphs outside the list. -
Tense — "Providing the data in any other format... will result in a failed merge operation." Use present tense per the Microsoft style guide: "results in".
Once these are addressed, add a comment containing #sign-off (without the backticks) to submit for publication.
@FabianGonzalez-MS Can you respond to the requested changes or let us know if you would like us to commit them? @msmbaldwin - When the changes are ready for publication, adding a #label:"aq-pr-triaged" |
|
This pull request has been inactive for at least 14 days. If you are finished with your changes, don't forget to sign off. See the contributor guide for instructions. |
Updated the supported formats for merging CSR in Azure Key Vault documentation to include both PKCS#8 and PKCS#7 formats.